Hi all,
In the "Application and URL Filtering" report of the Smart Event, in the "high bandwidth user" view, for some users we see applications like "HTTP/2 over TLS" and "SSL Protocol". Beside these applications we can also see applications like youtube, facebook etc. (I have attached a picture from an example report)
What we want to understand is what kind of access generates these traffics? ("HTTP/2 over TLS" and "SSL Protocol"). These applications seems like protocols, not applications, so in stead of these shouldn't we need to see the real application/site?
Hi,
Thank you for the replies. I have attached some logs and the relevant rule. In the rule "Genel Erisi..." is a site group and contains some URL categories.
Gateway is configured for HTTPS inspection and running on R77.30. But I'm not sure about SNI, where can I check if SNI enabled?
| User | Count |
|---|---|
| 7 | |
| 6 | |
| 5 | |
| 3 | |
| 2 | |
| 2 | |
| 2 | |
| 1 | |
| 1 | |
| 1 |
Tue 04 Mar 2025 @ 04:00 PM (CET)
Check Point | WIZ : Powering the Next Era of Cloud Security - EMEA & AMERICASTue 04 Mar 2025 @ 05:00 PM (PST)
Check Point | WIZ : Powering the Next Era of Cloud Security - AMERICAS & APACTue 11 Mar 2025 @ 05:00 PM (CDT)
Under the Hood: Configuring Site to Site VPN with Azure Virtual WAN and CloudGuard Network SecurityTue 04 Mar 2025 @ 04:00 PM (CET)
Check Point | WIZ : Powering the Next Era of Cloud Security - EMEA & AMERICASTue 11 Mar 2025 @ 05:00 PM (CDT)
Under the Hood: Configuring Site to Site VPN with Azure Virtual WAN and CloudGuard Network SecurityWed 12 Mar 2025 @ 06:00 PM (IST)
TechTalk: The Future of Browser Security: AI, Data Leaks & How to Stay Protected
